Difference between revisions of "EHR Interop - CDA R3 - Access Control"
Gdickinson (talk | contribs) |
Gdickinson (talk | contribs) |
||
Line 19: | Line 19: | ||
=Rationale= | =Rationale= | ||
− | Possibly the best way to establish and persist permissions/authorizations is to embed access control notations in each document instance (when applicable). | + | Possibly the best way to establish and persist permissions/authorizations is to embed access control notations in each document instance (when applicable). Access control parameters are embedded and persisted at request of document subject (e.g., patient), author or source organization and are carried out (honored) by each downstream document recipient. |
=Discussion= | =Discussion= |
Revision as of 17:30, 1 October 2009
Submitted by: HL7 EHR Interoperability WG - Gary Dickinson Revision date: 1 October 2009
Submitted date: 1 October 2009 Change request ID: <<Change Request ID>>
Contents
Contents
Issue
Allow Access Permissions/Authorizations in CDA R3 Instances
Recommendation
Embed access controls specific to: individuals or roles
Embed access controls to: entire document content, section content, template content, discrete attribute content
Rationale
Possibly the best way to establish and persist permissions/authorizations is to embed access control notations in each document instance (when applicable). Access control parameters are embedded and persisted at request of document subject (e.g., patient), author or source organization and are carried out (honored) by each downstream document recipient.
Discussion
Recommended Action Items
Resolution
(Resolution is to be recorded here and in the referenced minutes, which are the authoritative source of resolution).